<?php
require_once '../config/config.php';
isset($_REQUEST['name']) ? $name = $_REQUEST['name'] : $name = '';
isset($_REQUEST['pwd']) ? $pwd = $_REQUEST['pwd'] : $pwd = '';
isset($_REQUEST['yzm']) ? $yzm = $_REQUEST['yzm'] : $yzm = '';
$re['state'] = 0;//验证码错误
if (isset($_SESSION['yzm']) /*&& strtolower($yzm) == strtolower($_SESSION['yzm'])*/) {
    $re['state'] = 1;//用户名或密码错误
    $sql = "SELECT `user`.uid,`user`.`name`,`user`.pwd,`user`.salt FROM `user` WHERE `user`.`name` ='$name'";
    $list = $_db->query($sql)->fetch();

//   echo $sql;var_dump($list);
    if ($list) {
        $re['state'] = 3;//密码错误
        $npwd = hash('sha256', substr(hash('sha256', $pwd), 4) . $list['salt']);
        if ($npwd == $list['pwd']) {
            $token = hash('sha256', time() . mt_rand());
            $re['state'] = 2;//登录成功
            $re['wsurl']=$_cfg['wsurl'];
            $re['token'] = $token;
            if ($_db->query("select * from token where uid={$list['uid']}")->fetch()) {
                $_db->exec("update token set `key`='$token' WHERE uid={$list['uid']}");
            } else {
                $_db->exec("insert into token (`uid`,`key`) VALUES ('{$list['uid']}','$token')");
            }

        }
    }
}
echo json_encode($re);